RubyGems - casino - Versions diffs - 3.0.4 → 4.0.0.pre.1 - Mend

casino 3.0.4 → 4.0.0.pre.1

Files changed (149) hide show

data/app/processors/casino/two_factor_authenticator_registrator_processor.rb DELETED

@@ -1,24 +0,0 @@
-require 'rotp'
-# The TwoFactorAuthenticatorRegistrator processor can be used as the first step to register a new two-factor authenticator.
-# It is inactive until activated using TwoFactorAuthenticatorActivator.
-#
-# This feature is not described in the CAS specification so it's completly optional
-# to implement this on the web application side.
-class CASino::TwoFactorAuthenticatorRegistratorProcessor < CASino::Processor
-  include CASino::ProcessorConcern::TicketGrantingTickets
-  # This method will call `#user_not_logged_in` or `#two_factor_authenticator_registered(two_factor_authenticator)` on the listener.
-  # @param [Hash] cookies cookies delivered by the client
-  # @param [String] user_agent user-agent delivered by the client
-  def process(cookies = nil, user_agent = nil)
-    cookies ||= {}
-    tgt = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent)
-    if tgt.nil?
-      @listener.user_not_logged_in
-    else
-      two_factor_authenticator = tgt.user.two_factor_authenticators.create! secret: ROTP::Base32.random_base32
-      @listener.two_factor_authenticator_registered(two_factor_authenticator)
-    end
-  end
-end

data/spec/controllers/api/v1/tickets_controller_spec.rb DELETED

@@ -1,114 +0,0 @@
-require 'spec_helper'
-describe CASino::Api::V1::TicketsController do
-  describe "POST /cas/v1/tickets" do
-    context "with correct credentials" do
-      before do
-        CASino::API::LoginCredentialAcceptorProcessor.any_instance.should_receive(:process) do
-          @controller.user_logged_in_via_api "TGT-long-string"
-        end
-        post :create, username: 'valid', password: 'valid', use_route: :casino
-      end
-      subject { response }
-      its(:response_code) { should eq 201 }
-      its(:location) { should eq 'http://test.host/cas/v1/tickets/TGT-long-string' }
-    end
-    context "with incorrect credentials" do
-      before do
-        CASino::API::LoginCredentialAcceptorProcessor.any_instance.should_receive(:process) do
-          @controller.invalid_login_credentials_via_api
-        end
-        post :create, username: 'invalid', password: 'invalid', use_route: :casino
-      end
-      subject { response }
-      its(:response_code) { should eq 400 }
-    end
-    context "with a not allowed service" do
-      before do
-        CASino::API::LoginCredentialAcceptorProcessor.any_instance.should_receive(:process) do
-          @controller.service_not_allowed_via_api
-        end
-        post :create, username: 'example', password: 'example', use_route: :casino
-      end
-      subject { response }
-      its(:response_code) { should eq 400 }
-    end
-  end
-  describe "POST /cas/v1/tickets/{TGT id}" do
-    context "with a valid TGT" do
-      before do
-        CASino::API::ServiceTicketProviderProcessor.any_instance.should_receive(:process).with('TGT-valid', kind_of(Hash), request.user_agent) do |ticket, params|
-          params.should == controller.params
-          @controller.granted_service_ticket_via_api 'ST-1-VALIDSERVICETICKET'
-        end
-        post :update, id: 'TGT-valid', service: 'http://example.org/', use_route: :casino
-      end
-      subject { response }
-      its(:response_code) { should eq 200 }
-      its(:body) { should eq 'ST-1-VALIDSERVICETICKET' }
-    end
-    context "with an invalid TGT" do
-      before do
-        CASino::API::ServiceTicketProviderProcessor.any_instance.should_receive(:process).with('TGT-invalid', kind_of(Hash), request.user_agent) do |ticket, params|
-          params.should == controller.params
-          @controller.invalid_ticket_granting_ticket_via_api
-        end
-        post :update, id: 'TGT-invalid', service: 'http://example.org/', use_route: :casino
-      end
-      subject { response }
-      its(:response_code) { should eq 400 }
-    end
-    context "without a service" do
-      before do
-        CASino::API::ServiceTicketProviderProcessor.any_instance.should_receive(:process).with('TGT-valid', kind_of(Hash), request.user_agent) do |ticket, params|
-          params.should == controller.params
-          @controller.no_service_provided_via_api
-        end
-        post :update, id:'TGT-valid', use_route: :casino
-      end
-      subject { response }
-      its(:response_code) { should eq 400 }
-    end
-  end
-  describe "DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie" do
-     before do
-      CASino::API::LogoutProcessor.any_instance.should_receive(:process).with('TGT-fdsjfsdfjkalfewrihfdhfaie', request.user_agent) do
-        @controller.user_logged_out_via_api
-      end
-      post :destroy, id: 'TGT-fdsjfsdfjkalfewrihfdhfaie', use_route: :casino
-    end
-    subject { response }
-    its(:response_code) { should eq 200 }
-  end
-end

data/spec/controllers/listener/legacy_validator_spec.rb DELETED

@@ -1,22 +0,0 @@
-require 'spec_helper'
-describe CASino::LegacyValidatorListener do
-  let(:controller) { Object.new }
-  let(:listener) { described_class.new(controller) }
-  let(:response_text) { "foobar\nbla\n" }
-  let(:render_parameters) { { text: response_text, content_type: 'text/plain' } }
-  describe '#validation_succeeded' do
-    it 'tells the controller to render the response text' do
-      controller.should_receive(:render).with(render_parameters)
-      listener.validation_succeeded(response_text)
-    end
-  end
-  describe '#validation_failed' do
-    it 'tells the controller to render the response text' do
-      controller.should_receive(:render).with(render_parameters)
-      listener.validation_failed(response_text)
-    end
-  end
-end

data/spec/controllers/listener/login_credential_acceptor_spec.rb DELETED

@@ -1,108 +0,0 @@
-require 'spec_helper'
-describe CASino::LoginCredentialAcceptorListener do
-  include CASino::Engine.routes.url_helpers
-  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
-  let(:listener) { described_class.new(controller) }
-  before(:each) do
-    controller.stub(:redirect_to)
-  end
-  describe '#user_logged_in' do
-    let(:ticket_granting_ticket) { 'TGT-123' }
-    context 'with a service url' do
-      let(:url) { 'http://www.example.com/?ticket=ST-123' }
-      it 'tells the controller to redirect the client' do
-        controller.should_receive(:redirect_to).with(url, status: :see_other)
-        listener.user_logged_in(url, ticket_granting_ticket)
-      end
-    end
-    context 'without a service url' do
-      let(:url) { nil }
-      it 'tells the controller to redirect to the session overview' do
-        controller.should_receive(:redirect_to).with(sessions_path, status: :see_other)
-        listener.user_logged_in(url, ticket_granting_ticket)
-      end
-      it 'creates the tgt cookie' do
-        listener.user_logged_in(url, ticket_granting_ticket)
-        controller.cookies[:tgt][:value].should == ticket_granting_ticket
-      end
-    end
-    context 'with cookie expiry time' do
-      let(:url) { Object.new }
-      let(:expiry_time) { Time.now }
-      it 'set the tgt cookie expiry time' do
-        listener.user_logged_in(url, ticket_granting_ticket, expiry_time)
-        controller.cookies[:tgt][:value].should == ticket_granting_ticket
-        controller.cookies[:tgt][:expires].should == expiry_time
-      end
-    end
-  end
-  [:invalid_login_credentials, :invalid_login_ticket].each do |method|
-    context "##{method}" do
-      let(:login_ticket) { Object.new }
-      let(:flash) { ActionDispatch::Flash::FlashHash.new }
-      before(:each) do
-        controller.stub(:render)
-        controller.stub(:flash).and_return(flash)
-      end
-      it 'tells the controller to render the new template' do
-        controller.should_receive(:render).with('new', status: 403)
-        listener.send(method, login_ticket)
-      end
-      it 'assigns a new login ticket' do
-        listener.send(method, login_ticket)
-        controller.instance_variable_get(:@login_ticket).should == login_ticket
-      end
-      it 'should add an error message' do
-        listener.send(method, login_ticket)
-        flash[:error].should == I18n.t("login_credential_acceptor.#{method}")
-      end
-    end
-  end
-  context '#service_not_allowed' do
-    let(:service) { 'http://www.example.com/foo' }
-    before(:each) do
-      controller.stub(:render)
-    end
-    it 'tells the controller to render the service_not_allowed template' do
-      controller.should_receive(:render).with('service_not_allowed', status: 403)
-      listener.send(:service_not_allowed, service)
-    end
-    it 'assigns the not allowed service' do
-      listener.send(:service_not_allowed, service)
-      controller.instance_variable_get(:@service).should == service
-    end
-  end
-  context '#two_factor_authentication_pending' do
-    let(:ticket_granting_ticket) { 'TGT-123' }
-    before(:each) do
-      controller.stub(:render)
-    end
-    it 'tells the controller to render the service_not_allowed template' do
-      controller.should_receive(:render).with('validate_otp')
-      listener.send(:two_factor_authentication_pending, ticket_granting_ticket)
-    end
-    it 'assigns the not allowed service' do
-      listener.send(:two_factor_authentication_pending, ticket_granting_ticket)
-      controller.instance_variable_get(:@ticket_granting_ticket).should == ticket_granting_ticket
-    end
-  end
-end

data/spec/controllers/listener/login_credential_requestor_spec.rb DELETED

@@ -1,57 +0,0 @@
-require 'spec_helper'
-describe CASino::LoginCredentialRequestorListener do
-  include CASino::Engine.routes.url_helpers
-  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
-  let(:listener) { described_class.new(controller) }
-  describe '#user_not_logged_in' do
-    let(:login_ticket) { Object.new }
-    it 'assigns the login ticket' do
-      listener.user_not_logged_in(login_ticket)
-      controller.instance_variable_get(:@login_ticket).should == login_ticket
-    end
-    it 'deletes an existing ticket-granting ticket cookie' do
-      controller.cookies = { tgt: 'TGT-12345' }
-      listener.user_not_logged_in(login_ticket)
-      controller.cookies[:tgt].should be_nil
-    end
-  end
-  describe '#user_logged_in' do
-    context 'with a service url' do
-      let(:url) { 'http://www.example.com/?ticket=ST-123' }
-      it 'tells the controller to redirect the client' do
-        controller.should_receive(:redirect_to).with(url, status: :see_other)
-        listener.user_logged_in(url)
-      end
-    end
-    context 'without a service url' do
-      let(:url) { nil }
-      it 'tells the controller to redirect to the session overview' do
-        controller.should_receive(:redirect_to).with(sessions_path)
-        listener.user_logged_in(url)
-      end
-    end
-  end
-  context '#service_not_allowed' do
-    let(:service) { 'http://www.example.com/foo' }
-    before(:each) do
-      controller.stub(:render)
-    end
-    it 'tells the controller to render the service_not_allowed template' do
-      controller.should_receive(:render).with('service_not_allowed', status: 403)
-      listener.send(:service_not_allowed, service)
-    end
-    it 'assigns the not allowed service' do
-      listener.send(:service_not_allowed, service)
-      controller.instance_variable_get(:@service).should == service
-    end
-  end
-end

data/spec/controllers/listener/logout_spec.rb DELETED

@@ -1,38 +0,0 @@
-require 'spec_helper'
-describe CASino::LogoutListener do
-  include Rails.application.routes.url_helpers
-  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
-  let(:listener) { described_class.new(controller) }
-  describe '#user_logged_out' do
-    let(:url) { 'http://www.example.com/test' }
-    it 'assigns the url' do
-      listener.user_logged_out(url)
-      controller.instance_variable_get(:@url).should == url
-    end
-    it 'deletes an existing ticket-granting ticket cookie' do
-      controller.cookies = { tgt: 'TGT-12345' }
-      listener.user_logged_out(url)
-      controller.cookies[:tgt].should be_nil
-    end
-    context 'with redirect_immediately flag' do
-      before(:each) do
-        controller.stub(:redirect_to)
-      end
-      it 'tells the controller to redirect the client' do
-        controller.should_receive(:redirect_to).with(url, status: :see_other)
-        listener.user_logged_out(url, true)
-      end
-      it 'deletes an existing ticket-granting ticket cookie' do
-        controller.cookies = { tgt: 'TGT-12345' }
-        listener.user_logged_out(url, true)
-        controller.cookies[:tgt].should be_nil
-      end
-    end
-  end
-end

data/spec/controllers/listener/other_sessions_destroyer_spec.rb DELETED

@@ -1,19 +0,0 @@
-require 'spec_helper'
-describe CASino::OtherSessionsDestroyerListener do
-  include CASino::Engine.routes.url_helpers
-  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
-  let(:listener) { described_class.new(controller) }
-  before(:each) do
-    controller.stub(:redirect_to)
-  end
-  describe '#other_sessions_destroyed' do
-    let(:service) { 'http://www.example.com/' }
-    it 'redirects back to the URL' do
-      controller.should_receive(:redirect_to).with(service)
-      listener.other_sessions_destroyed(service)
-    end
-  end
-end

data/spec/controllers/listener/proxy_ticket_provider_spec.rb DELETED

@@ -1,22 +0,0 @@
-require 'spec_helper'
-describe CASino::ProxyTicketProviderListener do
-  let(:controller) { Object.new }
-  let(:listener) { described_class.new(controller) }
-  let(:xml) { "<foo><bar>bla</bar></foo>" }
-  let(:render_parameters) { { xml: xml } }
-  describe '#request_succeeded' do
-    it 'tells the controller to render the response xml' do
-      controller.should_receive(:render).with(render_parameters)
-      listener.request_succeeded(xml)
-    end
-  end
-  describe '#request_failed' do
-    it 'tells the controller to render the response xml' do
-      controller.should_receive(:render).with(render_parameters)
-      listener.request_failed(xml)
-    end
-  end
-end

data/spec/controllers/listener/second_factor_authentication_acceptor_spec.rb DELETED

@@ -1,74 +0,0 @@
-require 'spec_helper'
-describe CASino::SecondFactorAuthenticationAcceptorListener do
-  include CASino::Engine.routes.url_helpers
-  let(:controller) { Struct.new(:cookies).new(cookies: {}) }
-  let(:listener) { described_class.new(controller) }
-  before(:each) do
-    controller.stub(:redirect_to)
-  end
-  describe '#user_not_logged_in' do
-    it 'redirects to the login page' do
-      controller.should_receive(:redirect_to).with(login_path)
-      listener.user_not_logged_in
-    end
-  end
-  describe '#user_logged_in' do
-    let(:ticket_granting_ticket) { 'TGT-123' }
-    context 'with a service url' do
-      let(:url) { 'http://www.example.com/?ticket=ST-123' }
-      it 'tells the controller to redirect the client' do
-        controller.should_receive(:redirect_to).with(url, status: :see_other)
-        listener.user_logged_in(url, ticket_granting_ticket)
-      end
-    end
-    context 'without a service url' do
-      let(:url) { nil }
-      it 'tells the controller to redirect to the session overview' do
-        controller.should_receive(:redirect_to).with(sessions_path, status: :see_other)
-        listener.user_logged_in(url, ticket_granting_ticket)
-      end
-      it 'creates the tgt cookie' do
-        listener.user_logged_in(url, ticket_granting_ticket)
-        controller.cookies[:tgt].should == { value: ticket_granting_ticket, expires: nil }
-      end
-    end
-  end
-  context "#invalid_one_time_password" do
-    let(:flash) { ActionDispatch::Flash::FlashHash.new }
-    before(:each) do
-      controller.stub(:render)
-      controller.stub(:flash).and_return(flash)
-    end
-    it 'should add an error message' do
-      listener.invalid_one_time_password
-      flash[:error].should == I18n.t('validate_otp.invalid_otp')
-    end
-  end
-  context '#service_not_allowed' do
-    let(:service) { 'http://www.example.com/foo' }
-    before(:each) do
-      controller.stub(:render)
-    end
-    it 'tells the controller to render the service_not_allowed template' do
-      controller.should_receive(:render).with('service_not_allowed', status: 403)
-      listener.send(:service_not_allowed, service)
-    end
-    it 'assigns the not allowed service' do
-      listener.send(:service_not_allowed, service)
-      controller.instance_variable_get(:@service).should == service
-    end
-  end
-end